Skip to content
This repository has been archived by the owner on Jan 24, 2021. It is now read-only.

NancyCookie doesn't have support for SameSite changes #3002

Open
drewfreyling opened this issue Feb 17, 2020 · 3 comments
Open

NancyCookie doesn't have support for SameSite changes #3002

drewfreyling opened this issue Feb 17, 2020 · 3 comments

Comments

@drewfreyling
Copy link

Nancy Version: Tested 1.4.5 and 2.0.0

Currently with all the SameSite cookie changes being done in Chrome (and FF and Edge) there is no nice way to set the SameSite options for a NancyCookie. See https://docs.microsoft.com/en-us/aspnet/core/security/samesite?view=aspnetcore-3.1 for more details.

Particularly this becomes a higher priority now that Chrome 80 is stable and has breaking changes around SameSite properties.

The only currently workaround I can see for the moment is to add a OWIN middleware and manually change the cookies myself.
@panManfredini
Copy link

Hi,
a bit uglier workaround (but maybe simpler) is to just add "; SameSite=<your_option>" to the value of the cookie, note the semicolon. At the end what is done is a simple string concat of options.

@drewfreyling
Copy link
Author

Yup a class that extends NancyCookie and overrides the ToString method works better as a workaround.

@0x414c49 0x414c49 mentioned this issue Mar 10, 2020
Closed
4 tasks
@0x414c49
Copy link

I just made a PR to add SameSite property.

@Nothing4You Nothing4You mentioned this issue Mar 7, 2021
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add SameSite support for NancyCookies 0x414c49/Nancy
3 participants
@drewfreyling @panManfredini @0x414c49